Log check: URGENT!!! Solved

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

Log check: URGENT!!!

Post by AleRx8 » 29 Oct 2009 07:57

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:50, on 29.10.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CS\cs.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Google\Update\1.2.183.7\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Aleš\ehrqw.exe \s
O2 - BHO: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: &IE Help - {35A5B43B-CB8A-49CA-A9F4-D3B308D2E3CC} - C:\WINDOWS\system32\iehelpmod.dll
O2 - BHO: Mediafour XPlay Explorer notifications - {4907C0AD-874D-44D9-B13E-7B0A4D8B9D3E} - C:\Program Files\Mediafour\XPlay 3\XPBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Dealio Toolbar - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
O4 - HKLM\..\RunServices: [WUSB54GC] %ProgramFiles%\
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\ALE~1\LOCALS~1\Temp\b.exe
O4 - HKCU\..\Run: [CS] C:\Program Files\CS\cs.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9804718327
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Služba Google Update (gupdate1c9b8f938ee5722) (gupdate1c9b8f938ee5722) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: M4iPodWPDService - Mediafour Corporation - C:\Program Files\Common Files\Mediafour\iPod\M4iPodWPDService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - C:\Program Files\Linksys\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 9683 bytes

Thanks in advance
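What a log reviewer looks for first in a HijackThis log, as an added example that is not part of the thread and not a HijackThis feature: a small Python triage that applies three defender-side heuristics (extra programs appended to UserInit, autostarts launched from user-writable locations, services with no recorded owner) to lines copied from the log above. The rule set, the `Finding` type and the regular expressions are my own assumptions.

```python
"""Triage heuristics for HijackThis log lines (added example, not a HijackThis feature)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Sample input: lines copied verbatim from the HijackThis log posted above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Aleš\ehrqw.exe \s
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\ALE~1\LOCALS~1\Temp\b.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass
class Finding:
    """One flagged log line together with the heuristic that fired."""
    line: str
    reason: str


# Directories an unprivileged user can write to (long and 8.3 short forms).
# Persistence that launches from here is worth a manual look.
USER_WRITABLE = re.compile(
    r"\\(temp|documents and settings|docume~1|local settings|locals~1)\\", re.I
)

# A drive-letter path ending in an executable-style extension; non-greedy so
# that "a.exe,C:\b.exe" yields two separate paths.
PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:exe|dll|sys|scr|com)\b", re.I)


def _paths_in(entry: str) -> list[str]:
    """Return every file path mentioned in one log line."""
    return PATH_RE.findall(entry)


def triage_line(line: str) -> list[str]:
    """Return the reasons (possibly none) why this single line deserves review."""
    reasons: list[str] = []
    kind = line.split(" - ", 1)[0].strip()  # section tag such as "F2", "O4", "O23"
    paths = _paths_in(line)

    # F2 UserInit: Windows expects exactly system32\userinit.exe here. Anything
    # appended after the comma is started at every interactive logon.
    if kind == "F2" and "UserInit=" in line:
        extra = [p for p in paths if not p.lower().endswith("\\system32\\userinit.exe")]
        if extra:
            reasons.append("extra UserInit program(s): " + ", ".join(extra))

    # Any autostart, helper object or service whose image lives in a
    # user-writable directory (Temp, the user's profile).
    if any(USER_WRITABLE.search(p) for p in paths):
        reasons.append("autostart from a user-writable location")

    # O23 services where HijackThis found no company name in the file's
    # version resource; legitimate software usually carries one.
    if kind == "O23" and "Unknown owner" in line:
        reasons.append("service without a file-version company name (verify manually)")

    return reasons


def triage(log_text: str) -> list[Finding]:
    """Apply triage_line() to every non-empty line of a HijackThis log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for reason in triage_line(line):
            findings.append(Finding(line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason}\n    {f.line}")
```

Run against the sample it flags the UserInit entry twice (extra program, user-writable path), the Temp\b.exe Run key and the PnkBstrA service, and leaves the Java BHO, ctfmon and Bonjour lines alone.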

Re: Log check: URGENT!!!

Post by pitimir » 29 Oct 2009 10:12

I see a mess...

Download ComboFix, preferably to the desktop. Close all open applications, as well as the resident antivirus, antispyware and firewall. Run the program from an account with administrator rights and follow the instructions. The whole scan will take about 10 minutes. The PC may be restarted during it. The log that ComboFix creates can be found at "C:\ComboFix.txt".
Paste it here.

Warning: until ComboFix has created the log, do not click or press anything!!
I don't like amateurism...

And the person this is addressed to knows it :)

Re: Log check: URGENT!!!

Post by AleRx8 » 29 Oct 2009 12:40

ComboFix 09-10-28.06 - Aleš 29.10.2009 12:33.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.497 [GMT 1:00]
Spuštěný z: c:\documents and settings\Aleš\Plocha\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\config.ini
c:\program files\Dealio Toolbar\DealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\separator.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\SearchSettingsKit.exe
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\FlashGet Network
c:\windows\msa.exe
c:\windows\system32\iehelpmod.dll
c:\windows\system32\kr_done1

Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty ate it :p
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-09-28 do 2009-10-29 )))))))))))))))))))))))))))))))
.

2009-10-26 15:37 . 2009-10-26 15:38 -------- d-----w- c:\program files\RapidshareDownloader
2009-10-26 14:54 . 2009-10-26 14:54 -------- d-----w- c:\program files\Common Files\CSUninstall
2009-10-26 14:52 . 2009-10-29 07:19 -------- d-----w- c:\program files\CS
2009-10-06 14:27 . 2009-10-06 14:27 -------- d-----w- c:\program files\Deep Silver
2009-10-03 08:09 . 2009-10-03 08:09 -------- d-----w- c:\windows\system32\VIRepair
2009-10-03 08:06 . 2009-10-03 08:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-03 07:40 . 2009-10-03 07:40 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2009-10-02 13:04 . 2009-09-09 19:19 146412 ----a-w- c:\windows\system32\vilaunch.exe
2009-10-02 13:04 . 2009-10-03 08:09 -------- d-----w- c:\program files\Vista Rainbar
2009-10-02 13:01 . 2009-10-03 08:12 -------- d-----w- c:\windows\system32\VITrans
2009-10-02 13:01 . 2009-10-02 13:06 -------- d-----w- C:\VTPFiles
2009-10-02 13:01 . 2006-12-03 15:15 111104 ----a-w- c:\windows\system32\Uharc.exe
2009-10-02 13:01 . 2006-12-03 15:15 19968 ----a-w- c:\windows\system32\reico.exe
2009-10-02 13:01 . 2006-12-03 15:14 8636 ----a-w- c:\windows\system32\modifype.exe
2009-10-02 13:01 . 2006-12-03 15:15 69632 ----a-w- c:\windows\system32\moveex.exe
2009-10-02 13:01 . 2004-11-27 17:00 94208 ----a-w- c:\windows\system32\pskill.exe
2009-10-02 13:00 . 2009-03-23 15:39 20480 ----a-w- c:\windows\system32\scrnrdr.exe
2009-09-30 13:22 . 2009-09-30 13:22 -------- d-----w- C:\profiles
2009-09-29 14:25 . 1998-12-01 10:18 54784 ----a-w- c:\windows\system32\inetwh32.dll
2009-09-29 14:25 . 2009-09-29 14:25 -------- d-----w- c:\program files\AT&T
2009-09-29 14:25 . 1998-09-24 16:31 270848 ----a-w- c:\windows\unwise.exe
2009-09-29 14:25 . 2009-10-24 17:52 -------- d-----w- c:\windows\WNBackup

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-26 16:56 . 2008-12-29 16:51 -------- d-----w- c:\program files\Zaklínač
2009-10-25 06:03 . 2006-03-02 12:00 83652 ----a-w- c:\windows\system32\perfc005.dat
2009-10-25 06:03 . 2006-03-02 12:00 440316 ----a-w- c:\windows\system32\perfh005.dat
2009-10-24 17:52 . 2009-04-04 09:18 -------- d-----w- c:\program files\Wise Registry Cleaner 3
2009-10-24 06:16 . 2008-04-30 13:55 -------- d-----w- c:\program files\ATI Technologies
2009-10-22 15:52 . 2009-08-24 10:20 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-10-06 14:27 . 2008-04-30 19:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-03 08:38 . 2009-09-09 11:44 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-10-03 08:30 . 2009-02-28 11:49 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-10-03 07:40 . 2009-08-23 11:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-02 13:34 . 2009-08-12 07:58 -------- d-----w- c:\program files\Capture-A-ScreenShot
2009-10-02 12:52 . 2009-07-31 11:26 -------- d-----w- c:\program files\Cenega Czech
2009-09-30 17:48 . 2009-09-26 06:34 -------- d-----w- c:\program files\SlySoft
2009-09-30 17:36 . 2009-09-26 08:44 -------- d-----w- c:\program files\bobyte
2009-09-28 11:16 . 2008-07-14 12:22 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-28 11:16 . 2008-07-14 12:22 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-27 08:43 . 2009-09-09 05:10 -------- d-----w- c:\program files\IObit
2009-09-27 06:49 . 2009-03-18 18:56 -------- d-----w- c:\program files\Free Video Converter
2009-09-26 08:42 . 2009-09-26 08:42 -------- d-----w- c:\program files\AVI MPEG RM WMV Joiner
2009-09-25 14:35 . 2008-04-30 13:56 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-09-23 22:59 . 2008-03-29 06:21 4481024 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-09-23 22:39 . 2008-03-29 04:05 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-09-23 22:38 . 2008-03-29 04:04 299520 ----a-w- c:\windows\system32\ati2dvag.dll
2009-09-23 22:21 . 2008-03-29 03:56 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-09-23 22:21 . 2008-03-29 03:56 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-09-23 22:21 . 2008-03-29 03:55 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-09-23 22:20 . 2008-03-29 03:55 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-09-23 22:20 . 2008-03-29 03:55 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-09-23 22:19 . 2008-03-29 03:54 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-09-23 22:17 . 2008-03-29 03:52 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-09-23 22:11 . 2008-03-29 03:39 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-09-23 22:09 . 2008-03-29 03:43 3506080 ----a-w- c:\windows\system32\ati3duag.dll
2009-09-23 21:58 . 2009-01-14 05:46 12644352 ----a-w- c:\windows\system32\atioglxx.dll
2009-09-23 21:53 . 2008-03-29 03:36 2096384 ----a-w- c:\windows\system32\ativvaxx.dll
2009-09-23 21:36 . 2009-03-16 19:40 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-09-23 21:36 . 2008-03-29 03:24 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-09-23 21:32 . 2008-03-29 03:21 561152 ----a-w- c:\windows\system32\atikvmag.dll
2009-09-23 21:31 . 2009-02-04 02:43 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-09-23 21:31 . 2009-02-04 02:42 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-09-23 21:30 . 2009-01-14 03:44 167936 ----a-w- c:\windows\system32\atiadlxx.dll
2009-09-23 21:29 . 2008-03-29 03:19 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-09-23 21:29 . 2009-02-04 02:40 3489792 ----a-w- c:\windows\system32\aticaldd.dll
2009-09-23 21:28 . 2008-03-29 03:18 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-09-23 21:27 . 2008-03-29 04:40 401408 ----a-w- c:\windows\system32\atiok3x2.dll
2009-09-23 21:23 . 2008-03-29 03:12 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-09-23 12:55 . 2009-03-05 16:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-20 11:33 . 2008-07-14 12:07 -------- d-----w- c:\program files\Electronic Arts
2009-09-20 11:31 . 2009-08-23 11:18 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-20 10:12 . 2009-08-24 10:26 354560 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-20 08:02 . 2008-05-07 14:56 -------- d-----w- c:\program files\EA Sports
2009-09-15 12:33 . 2008-07-14 12:22 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-14 18:35 . 2008-11-09 05:48 7750 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-09-14 18:15 . 2008-05-08 13:12 -------- d-----w- c:\program files\EA GAMES
2009-09-12 07:45 . 2009-09-12 07:45 -------- d-----w- c:\program files\City Interactive
2009-09-11 14:19 . 2006-03-02 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-09 18:57 . 2008-11-03 15:52 -------- d-----w- c:\program files\Codemasters
2009-09-09 11:42 . 2008-05-15 11:25 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-05 12:12 . 2009-02-15 11:36 -------- d-----w- c:\program files\Opera
2009-09-05 05:39 . 2009-09-04 11:28 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-09-04 21:05 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 09:17 . 2009-03-08 15:56 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-01 19:55 . 2008-03-06 14:40 195855 ----a-w- c:\windows\system32\atiicdxx.dat
2009-08-29 11:19 . 2009-08-29 11:19 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-08-29 07:58 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2006-03-02 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-24 11:29 . 2009-02-16 17:58 2287104 ----a-w- c:\windows\system32\TUKernel.exe
2009-08-20 06:55 . 2009-08-20 06:55 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-08-06 18:24 . 2008-04-30 02:51 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2008-04-30 02:51 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:24 . 2008-04-30 02:51 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 18:24 . 2007-07-30 17:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 18:24 . 2008-04-30 02:51 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 2006-03-02 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2008-04-30 02:51 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2008-04-30 02:51 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 09:17 . 2009-08-06 09:17 4096 ----a-w- c:\windows\d3dx.dat
2009-08-05 09:01 . 2006-03-02 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2006-03-02 12:00 2147328 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2004-08-17 15:45 2025984 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-02 06:11 . 2009-08-01 08:05 21840 ----atw- c:\windows\system32\SIntfNT.dll
2009-08-02 06:11 . 2009-08-01 08:05 17212 ----atw- c:\windows\system32\SIntf32.dll
2009-08-02 06:11 . 2009-08-01 08:05 12067 ----atw- c:\windows\system32\SIntf16.dll
2009-08-02 05:32 . 2008-12-29 17:02 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2009-08-02 05:32 . 2008-12-29 17:02 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-28 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-08-10 16384000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"amd_dc_opt"=c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}"="c:\program files\Mediafour\XPlay 3\XPlay.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Documents and Settings\\Aleš\\Plocha\\Hry\\Race Driver Grid\\GRID.exe"=
"c:\\Documents and Settings\\Aleš\\Plocha\\Hry\\qwake\\quake3.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Codemasters\\FUEL\\FUEL.exe"=
"c:\\Program Files\\Electronic Arts\\BattleForge\\Bootstrapper.exe"=
"c:\\Program Files\\Electronic Arts\\BattleForge\\BattleForge.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5.3.2009 17:15 64288]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [30.4.2009 16:18 284416]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [10.8.2009 13:10 136744]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe [17.4.2009 12:45 68865]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [9.9.2009 6:21 305936]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1170768]
R2 M4iPodWPDService;M4iPodWPDService;c:\program files\Common Files\Mediafour\iPod\M4iPodWPDService.exe [6.7.2009 8:18 208896]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [3.5.2008 9:30 36864]
S2 gupdate1c9b8f938ee5722;Služba Google Update (gupdate1c9b8f938ee5722);c:\program files\Google\Update\GoogleUpdate.exe [9.4.2009 10:54 133104]
S3 MaplomL;MaplomL; [x]
S3 naecd;naecd;\??\c:\docume~1\ALE~1\LOCALS~1\Temp\naecd.sys --> c:\docume~1\ALE~1\LOCALS~1\Temp\naecd.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.1.2007 18:31 42000]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [4.4.2009 11:17 98488]

--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - CLASSPNP_2
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-10-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 09:30]

2009-10-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:17]

2008-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-10-29 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-09-09 13:35]

2009-10-26 c:\windows\Tasks\AWC Update.job
- c:\program files\IObit\Advanced SystemCare 3\IObitUpdate.exe [2009-09-09 08:15]

2009-10-29 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-09 11:16]

2009-10-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-09 09:54]

2009-09-14 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-09-14 07:22]

2009-10-29 c:\windows\Tasks\User_Feed_Synchronization-{2498F1D9-1D26-4824-BAD2-0BEBA0B63F62}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Download with Star Downloader
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Star Downloaderem
FF - ProfilePath - c:\documents and settings\Aleš\Data aplikací\Mozilla\Firefox\Profiles\3z9g3s1m.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - About:Blank
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\documents and settings\Aleš\Data aplikací\Mozilla\Firefox\Profiles\3z9g3s1m.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\documents and settings\Aleš\Data aplikací\Mozilla\Firefox\Profiles\3z9g3s1m.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\components\DealioToolbarFF.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1691.8062\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
Toolbar-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - c:\program files\Dealio Toolbar\DealioToolbarIE.dll
ShellIconOverlayIdentifiers-MacDrive Volume Icons - (no file)
HKCU-Run-CS - c:\program files\CS\cs.exe
AddRemove-CS - c:\program files\CS\cs.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-29 12:40
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1275210071-688789844-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:37,40,43,ab,c7,6b,e4,b3,6f,d5,3f,0f,6d,b9,a5,1d,bf,0b,8e,39,4a,6b,0a,
d1,ed,f6,16,0f,b0,ef,55,06,39,b0,9a,ea,cf,9f,a0,59,06,1d,2b,36,fe,9d,e5,c1,\
"??"=hex:f1,77,94,1a,22,b0,c5,38,fd,c3,dd,40,36,67,45,49

[HKEY_USERS\S-1-5-21-1275210071-688789844-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:6b,19,9b,69,bf,81,d6,89,d3,a9,37,23,91,22,ee,23,ba,00,8d,bf,46,
da,32,19,d7,2a,76,12,69,4c,78,c2,8e,46,5c,da,47,cc,db,a1,88,ea,1e,1b,93,2b,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-10-29 12:42
ComboFix-quarantined-files.txt 2009-10-29 11:42
ComboFix2.txt 2009-06-27 12:36
ComboFix3.txt 2009-06-27 11:28

Před spuštěním: Volných bajtů: 15 404 961 792
Po spuštění: Volných bajtů: 15 402 606 592

- - End Of File - - D877D6341B2F00730F87CC9AC7B31D01

Re: Log check: URGENT!!!

Post by AleRx8 » 29 Oct 2009 16:03

Up

Re: Log check: URGENT!!!

Post by pitimir » 29 Oct 2009 19:38

Calm down, I don't have time to be here all day...

1) Download MBAM. Save it to the desktop, open "mbam-setup.exe" and install it. Update it. Then run a full scan; delete whatever the program finds. Paste the resulting log here.

2) Download RootRepeal. Run the program, click "Report" -> "Scan" and tick all the items. Press "OK" and the scan will start. When it finishes, click "Save Report" and copy the resulting log here.

I don't like amateurism...

And the addressee of this message knows it :)

Re: Log check: URGENT!!!

Post by AleRx8 » 30 Oct 2009 07:29

MBAM log:

Malwarebytes' Anti-Malware 1.41
Verze databáze: 2775
Windows 5.1.2600 Service Pack 3

30.10.2009 14:41:06
mbam-log-2009-10-30 (14-41-06).txt

Typ kontroly: Kompletní kontrola (C:\|)
Zkontrolované objekty: 300207
Uplynulý čas: 1 hour(s), 19 minute(s), 52 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)

RootRepeal log:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/10/30 06:44
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name:
Image Path:
Address: 0xF72AF000 Size: 98304 File Visible: No Signed: -
Status: -

Name:
Image Path:
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: PCI_PNP8378
Image Path: \Driver\PCI_PNP8378
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xAAAC0000 Size: 49152 File Visible: No Signed: -
Status: -

Name: sphm.sys
Image Path: sphm.sys
Address: 0xF7365000 Size: 1052672 File Visible: No Signed: -
Status: -

Name: sptd
Image Path: \Driver\sptd
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: c:\windows\temp\perflib_perfdata_7ec.dat
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\aleš\local settings\temp\etilqs_0yyndr8twhh0tehfvlv3
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\aleš\local settings\temp\etilqs_lksnzkynphivxh9h7ciw
Status: Allocation size mismatch (API: 32768, Raw: 0)

Path: c:\documents and settings\aleš\local settings\data aplikací\google\chrome\user data\default\current session
Status: Size mismatch (API: 52914, Raw: 43204)

Path: c:\documents and settings\aleš\local settings\data aplikací\google\chrome\user data\default\history index 2009-10
Status: Size mismatch (API: 397312, Raw: 348160)

Path: c:\documents and settings\aleš\local settings\data aplikací\google\chrome\user data\default\history-journal
Status: Size mismatch (API: 70280, Raw: 53864)

Path: C:\Documents and Settings\Aleš\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache\f_000026
Status: Could not get file information (Error 0xc0000008)

Path: C:\Documents and Settings\Aleš\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache\f_000027
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Aleš\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache\f_000028
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Aleš\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache\f_000029
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Aleš\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache\f_00002a
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Aleš\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache\f_00002b
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Aleš\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache\f_00002c
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Aleš\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache\f_00002d
Status: Visible to the Windows API, but not on disk.

Path: C:\Documents and Settings\Aleš\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Cache\f_00002e
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "a347bus.sys" at address 0xf7333028

#: 041 Function Name: NtCreateKey
Status: Hooked by "Lbd.sys" at address 0xf74d787e

#: 045 Function Name: NtCreatePagingFile
Status: Hooked by "a347bus.sys" at address 0xf7326b00

#: 053 Function Name: NtCreateThread
Status: Hooked by "<unknown>" at address 0xf7b087dc

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "a347bus.sys" at address 0xf73275dc

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "a347bus.sys" at address 0xf7333120

#: 116 Function Name: NtOpenFile
Status: Hooked by "a347bus.sys" at address 0xf7326b40

#: 119 Function Name: NtOpenKey
Status: Hooked by "a347bus.sys" at address 0xf7332fa4

#: 122 Function Name: NtOpenProcess
Status: Hooked by "<unknown>" at address 0xf7b087c8

#: 128 Function Name: NtOpenThread
Status: Hooked by "<unknown>" at address 0xf7b087cd

#: 160 Function Name: NtQueryKey
Status: Hooked by "a347bus.sys" at address 0xf73275fc

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "a347bus.sys" at address 0xf7333076

#: 241 Function Name: NtSetSystemPowerState
Status: Hooked by "a347bus.sys" at address 0xf7332550

#: 247 Function Name: NtSetValueKey
Status: Hooked by "Lbd.sys" at address 0xf74d7bfe

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "<unknown>" at address 0xf7b087d7

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "<unknown>" at address 0xf7b087d2

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]
Process: System Address: 0x8636a1f8 Size: 121

Object: Hidden Code [Driver: a347scsi, IRP_MJ_CREATE]
Process: System Address: 0x8636b1f8 Size: 121

Object: Hidden Code [Driver: a347scsi, IRP_MJ_CLOSE]
Process: System Address: 0x8636b1f8 Size: 121

Object: Hidden Code [Driver: a347scsi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8636b1f8 Size: 121

Object: Hidden Code [Driver: a347scsi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8636b1f8 Size: 121

Object: Hidden Code [Driver: a347scsi, IRP_MJ_POWER]
Process: System Address: 0x8636b1f8 Size: 121

Object: Hidden Code [Driver: a347scsi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8636b1f8 Size: 121

Object: Hidden Code [Driver: a347scsi, IRP_MJ_PNP]
Process: System Address: 0x8636b1f8 Size: 121

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLOSE]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_READ]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_WRITE]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_EA]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_EA]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CLEANUP]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_POWER]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: atapi, IRP_MJ_PNP]
Process: System Address: 0x86035b28 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_EA]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_EA]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLEANUP]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]
Process: System Address: 0x86026570 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_CREATE]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_CLOSE]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_READ]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_WRITE]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_QUERY_EA]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_SET_EA]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_SHUTDOWN]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_CLEANUP]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_SET_SECURITY]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_POWER]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_SET_QUOTA]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: ar6g4wkiЅ潉济Ёఐ卆浩, IRP_MJ_PNP]
Process: System Address: 0x860a8f00 Size: 99

Object: Hidden Code [Driver: usbohci, IRP_MJ_CREATE]
Process: System Address: 0x8608f500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_CLOSE]
Process: System Address: 0x8608f500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8608f500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8608f500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_POWER]
Process: System Address: 0x8608f500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8608f500 Size: 121

Object: Hidden Code [Driver: usbohci, IRP_MJ_PNP]
Process: System Address: 0x8608f500 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]
Process: System Address: 0x8636c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]
Process: System Address: 0x8636c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]
Process: System Address: 0x8636c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x8636c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8636c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8636c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]
Process: System Address: 0x8636c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]
Process: System Address: 0x8636c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]
Process: System Address: 0x8636c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8636c1f8 Size: 121

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]
Process: System Address: 0x8636c1f8 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]
Process: System Address: 0x85fd7500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]
Process: System Address: 0x85fd7500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x85fd7500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x85fd7500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]
Process: System Address: 0x85fd7500 Size: 121

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]
Process: System Address: 0x85fd7500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]
Process: System Address: 0x8608d500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]
Process: System Address: 0x8608d500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x8608d500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8608d500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]
Process: System Address: 0x8608d500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x8608d500 Size: 121

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]
Process: System Address: 0x8608d500 Size: 121

Object: Hidden Code [Driver: Rdbss, IRP_MJ_READ]
Process: System Address: 0x8610fdb0 Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]
Process: System Address: 0x86106228 Size: 11

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]
Process: System Address: 0x86033500 Size: 121

Object: Hidden Code [Driver: Npfs؅ఆ剒敬⾼, IRP_MJ_READ]
Process: System Address: 0x860ab158 Size: 11

Object: Hidden Code [Driver: Msfs؅灎剆葨쵠臙؃ఠ潉济, IRP_MJ_READ]
Process: System Address: 0x861973b0 Size: 11

Object: Hidden Code [Driver: Fs_Rec, IRP_MJ_READ]
Process: System Address: 0x8600c298 Size: 11

Object: Hidden Code [Driver: Cdfs؅瑎晦؁అ瑎獆ꮈ吠, IRP_MJ_CREATE]
Process: System Address: 0x86093500 Size: 121

Object: Hidden Code [Driver: Cdfs؅瑎晦؁అ瑎獆ꮈ吠, IRP_MJ_CLOSE]
Process: System Address: 0x86093500 Size: 121

Object: Hidden Code [Driver: Cdfs؅瑎晦؁అ瑎獆ꮈ吠, IRP_MJ_READ]
Process: System Address: 0x862be2c0 Size: 11

Object: Hidden Code [Driver: Cdfs؅瑎晦؁అ瑎獆ꮈ吠, IRP_MJ_QUERY_INFORMATION]
Process: System Address: 0x86093500 Size: 121

Object: Hidden Code [Driver: Cdfs؅瑎晦؁అ瑎獆ꮈ吠, IRP_MJ_SET_INFORMATION]
Process: System Address: 0x86093500 Size: 121

Object: Hidden Code [Driver: Cdfs؅瑎晦؁అ瑎獆ꮈ吠, IRP_MJ_QUERY_VOLUME_INFORMATION]
Process: System Address: 0x86093500 Size: 121

Object: Hidden Code [Driver: Cdfs؅瑎晦؁అ瑎獆ꮈ吠, IRP_MJ_DIRECTORY_CONTROL]
Process: System Address: 0x86093500 Size: 121

Object: Hidden Code [Driver: Cdfs؅瑎晦؁అ瑎獆ꮈ吠, IRP_MJ_FILE_SYSTEM_CONTROL]
Process: System Address: 0x86093500 Size: 121

Object: Hidden Code [Driver: Cdfs؅瑎晦؁అ瑎獆ꮈ吠, IRP_MJ_DEVICE_CONTROL]
Process: System Address: 0x86093500 Size: 121

Object: Hidden Code [Driver: Cdfs؅瑎晦؁అ瑎獆ꮈ吠, IRP_MJ_SHUTDOWN]
Process: System Address: 0x86093500 Size: 121

Object: Hidden Code [Driver: Cdfs؅瑎晦؁అ瑎獆ꮈ吠, IRP_MJ_LOCK_CONTROL]
Process: System Address: 0x86093500 Size: 121

Object: Hidden Code [Driver: Cdfs؅瑎晦؁అ瑎獆ꮈ吠, IRP_MJ_CLEANUP]
Process: System Address: 0x86093500 Size: 121

Object: Hidden Code [Driver: Cdfs؅瑎晦؁అ瑎獆ꮈ吠, IRP_MJ_PNP]
Process: System Address: 0x86093500 Size: 121

==EOF==

Re: Log check: URGENT!!!

Post by AleRx8 » 31 Oct 2009 06:52

UP
Oh, and I was looking through it too; are those weird characters and blue hearts supposed to be there? :D

Re: Log check: URGENT!!!

Post by pitimir » 31 Oct 2009 16:01

I'd like to see a new log from CF...

Re: Log check: URGENT!!!

Post by AleRx8 » 01 Nov 2009 09:13

ComboFix 09-10-30.01 - Aleš 01.11.2009 9:05.6.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.491 [GMT 1:00]
Spuštěný z: c:\documents and settings\Aleš\Plocha\ComboFix.exe
AV: Avira AntiVir PersonalEdition *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

Nakažená kopie c:\windows\system32\drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - Kitty ate it :p
.
((((((((((((((((((((((((( Soubory vytvořené od 2009-10-01 do 2009-11-01 )))))))))))))))))))))))))))))))
.

2009-11-01 07:18 . 2009-11-01 07:18 -------- d-----w- c:\program files\KONAMI
2009-10-29 14:05 . 2009-10-29 14:07 -------- d-----w- C:\Chcete být milionářem LT
2009-10-26 15:37 . 2009-10-26 15:38 -------- d-----w- c:\program files\RapidshareDownloader
2009-10-26 14:54 . 2009-10-26 14:54 -------- d-----w- c:\program files\Common Files\CSUninstall
2009-10-26 14:52 . 2009-10-29 07:19 -------- d-----w- c:\program files\CS
2009-10-06 14:27 . 2009-10-06 14:27 -------- d-----w- c:\program files\Deep Silver
2009-10-03 08:09 . 2009-10-03 08:09 -------- d-----w- c:\windows\system32\VIRepair
2009-10-03 08:06 . 2009-10-03 08:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-10-03 07:40 . 2009-10-03 07:40 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2009-10-02 13:04 . 2009-09-09 19:19 146412 ----a-w- c:\windows\system32\vilaunch.exe
2009-10-02 13:04 . 2009-10-03 08:09 -------- d-----w- c:\program files\Vista Rainbar
2009-10-02 13:01 . 2009-10-03 08:12 -------- d-----w- c:\windows\system32\VITrans
2009-10-02 13:01 . 2009-10-02 13:06 -------- d-----w- C:\VTPFiles
2009-10-02 13:01 . 2006-12-03 15:15 111104 ----a-w- c:\windows\system32\Uharc.exe
2009-10-02 13:01 . 2006-12-03 15:15 19968 ----a-w- c:\windows\system32\reico.exe
2009-10-02 13:01 . 2006-12-03 15:14 8636 ----a-w- c:\windows\system32\modifype.exe
2009-10-02 13:01 . 2006-12-03 15:15 69632 ----a-w- c:\windows\system32\moveex.exe
2009-10-02 13:01 . 2004-11-27 17:00 94208 ----a-w- c:\windows\system32\pskill.exe
2009-10-02 13:00 . 2009-03-23 15:39 20480 ----a-w- c:\windows\system32\scrnrdr.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 05:42 . 2009-06-27 10:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-26 16:56 . 2008-12-29 16:51 -------- d-----w- c:\program files\Zaklínač
2009-10-25 06:03 . 2006-03-02 12:00 83652 ----a-w- c:\windows\system32\perfc005.dat
2009-10-25 06:03 . 2006-03-02 12:00 440316 ----a-w- c:\windows\system32\perfh005.dat
2009-10-24 17:52 . 2009-04-04 09:18 -------- d-----w- c:\program files\Wise Registry Cleaner 3
2009-10-24 06:16 . 2008-04-30 13:55 -------- d-----w- c:\program files\ATI Technologies
2009-10-22 15:52 . 2009-08-24 10:20 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-10-06 14:27 . 2008-04-30 19:51 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-03 08:38 . 2009-09-09 11:44 -------- d-----w- c:\program files\DAEMON Tools Lite
2009-10-03 08:30 . 2009-02-28 11:49 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-10-03 07:40 . 2009-08-23 11:18 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-02 13:34 . 2009-08-12 07:58 -------- d-----w- c:\program files\Capture-A-ScreenShot
2009-10-02 12:52 . 2009-07-31 11:26 -------- d-----w- c:\program files\Cenega Czech
2009-09-30 17:48 . 2009-09-26 06:34 -------- d-----w- c:\program files\SlySoft
2009-09-30 17:36 . 2009-09-26 08:44 -------- d-----w- c:\program files\bobyte
2009-09-29 14:25 . 2009-09-29 14:25 -------- d-----w- c:\program files\AT&T
2009-09-28 11:16 . 2008-07-14 12:22 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-09-28 11:16 . 2008-07-14 12:22 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-09-27 08:43 . 2009-09-09 05:10 -------- d-----w- c:\program files\IObit
2009-09-27 06:49 . 2009-03-18 18:56 -------- d-----w- c:\program files\Free Video Converter
2009-09-26 08:42 . 2009-09-26 08:42 -------- d-----w- c:\program files\AVI MPEG RM WMV Joiner
2009-09-25 14:35 . 2008-04-30 13:56 593920 ------w- c:\windows\system32\ati2sgag.exe
2009-09-23 22:59 . 2008-03-29 06:21 4481024 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2009-09-23 22:39 . 2008-03-29 04:05 446464 ----a-w- c:\windows\system32\ATIDEMGX.dll
2009-09-23 22:38 . 2008-03-29 04:04 299520 ----a-w- c:\windows\system32\ati2dvag.dll
2009-09-23 22:21 . 2008-03-29 03:56 204800 ----a-w- c:\windows\system32\atipdlxx.dll
2009-09-23 22:21 . 2008-03-29 03:56 155648 ----a-w- c:\windows\system32\Oemdspif.dll
2009-09-23 22:21 . 2008-03-29 03:55 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-09-23 22:20 . 2008-03-29 03:55 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2009-09-23 22:20 . 2008-03-29 03:55 155648 ----a-w- c:\windows\system32\ati2evxx.dll
2009-09-23 22:19 . 2008-03-29 03:54 602112 ----a-w- c:\windows\system32\ati2evxx.exe
2009-09-23 22:17 . 2008-03-29 03:52 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2009-09-23 22:11 . 2008-03-29 03:39 311296 ----a-w- c:\windows\system32\atiiiexx.dll
2009-09-23 22:09 . 2008-03-29 03:43 3506080 ----a-w- c:\windows\system32\ati3duag.dll
2009-09-23 21:58 . 2009-01-14 05:46 12644352 ----a-w- c:\windows\system32\atioglxx.dll
2009-09-23 21:53 . 2008-03-29 03:36 2096384 ----a-w- c:\windows\system32\ativvaxx.dll
2009-09-23 21:36 . 2009-03-16 19:40 65024 ----a-w- c:\windows\system32\atimpc32.dll
2009-09-23 21:36 . 2008-03-29 03:24 65024 ----a-w- c:\windows\system32\amdpcom32.dll
2009-09-23 21:32 . 2008-03-29 03:21 561152 ----a-w- c:\windows\system32\atikvmag.dll
2009-09-23 21:31 . 2009-02-04 02:43 45056 ----a-w- c:\windows\system32\aticalrt.dll
2009-09-23 21:31 . 2009-02-04 02:42 45056 ----a-w- c:\windows\system32\aticalcl.dll
2009-09-23 21:30 . 2009-01-14 03:44 167936 ----a-w- c:\windows\system32\atiadlxx.dll
2009-09-23 21:29 . 2008-03-29 03:19 17408 ----a-w- c:\windows\system32\atitvo32.dll
2009-09-23 21:29 . 2009-02-04 02:40 3489792 ----a-w- c:\windows\system32\aticaldd.dll
2009-09-23 21:28 . 2008-03-29 03:18 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2009-09-23 21:27 . 2008-03-29 04:40 401408 ----a-w- c:\windows\system32\atiok3x2.dll
2009-09-23 21:23 . 2008-03-29 03:12 638976 ----a-w- c:\windows\system32\ati2cqag.dll
2009-09-23 12:55 . 2009-03-05 16:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-09-20 11:33 . 2008-07-14 12:07 -------- d-----w- c:\program files\Electronic Arts
2009-09-20 11:31 . 2009-08-23 11:18 -------- d-----w- c:\program files\AGEIA Technologies
2009-09-20 10:12 . 2009-08-24 10:26 354560 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-09-20 08:02 . 2008-05-07 14:56 -------- d-----w- c:\program files\EA Sports
2009-09-15 12:33 . 2008-07-14 12:22 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
2009-09-14 18:35 . 2008-11-09 05:48 7750 ----a-w- c:\windows\system32\ealregsnapshot1.reg
2009-09-14 18:15 . 2008-05-08 13:12 -------- d-----w- c:\program files\EA GAMES
2009-09-12 07:45 . 2009-09-12 07:45 -------- d-----w- c:\program files\City Interactive
2009-09-11 14:19 . 2006-03-02 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 13:54 . 2009-06-27 10:59 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 13:53 . 2009-06-27 10:59 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-09 18:57 . 2008-11-03 15:52 -------- d-----w- c:\program files\Codemasters
2009-09-09 11:42 . 2008-05-15 11:25 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-05 12:12 . 2009-02-15 11:36 -------- d-----w- c:\program files\Opera
2009-09-05 05:39 . 2009-09-04 11:28 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-09-04 21:05 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 09:17 . 2009-03-08 15:56 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-09-01 19:55 . 2008-03-06 14:40 195855 ----a-w- c:\windows\system32\atiicdxx.dat
2009-08-29 11:19 . 2009-08-29 11:19 86016 ----a-w- c:\windows\system32\frapsvid.dll
2009-08-29 07:58 . 2006-03-02 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-26 08:02 . 2006-03-02 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-24 11:29 . 2009-02-16 17:58 2287104 ----a-w- c:\windows\system32\TUKernel.exe
2009-08-20 06:55 . 2009-08-20 06:55 20747 ----a-w- c:\windows\system32\drivers\AegisP.sys
2009-08-06 18:24 . 2008-04-30 02:51 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2008-04-30 02:51 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:24 . 2008-04-30 02:51 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 18:24 . 2007-07-30 17:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 18:24 . 2008-04-30 02:51 53472 ------w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 2006-03-02 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2008-04-30 02:51 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2008-04-30 02:51 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 09:17 . 2009-08-06 09:17 4096 ----a-w- c:\windows\d3dx.dat
2009-08-05 09:01 . 2006-03-02 12:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-04 17:29 . 2006-03-02 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 17:29 . 2004-08-17 15:45 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-10-29_11.40.39 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-04-30 02:56 . 2009-11-01 08:05 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2008-04-30 02:56 . 2009-10-29 11:34 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-30 05:39 . 2009-11-01 08:05 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2008-04-30 02:56 . 2009-10-29 11:34 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-11-01 06:15 . 2009-11-01 06:15 22528 c:\windows\Installer\213a3.msi
+ 2009-11-01 07:19 . 2009-11-01 07:19 73728 c:\windows\Installer\{1F126EDC-DA29-4D5B-80DF-735252475FEE}\Shortcut_PES2010_E_19E2C126E9A346458082E1106EC36033.exe
+ 2009-11-01 07:19 . 2009-11-01 07:19 32570 c:\windows\Installer\{1F126EDC-DA29-4D5B-80DF-735252475FEE}\ARPPRODUCTICON.exe
+ 2009-11-01 07:19 . 2009-11-01 07:19 180224 c:\windows\Installer\{1F126EDC-DA29-4D5B-80DF-735252475FEE}\Shortcut_SETTINGS__E16DFE45D7AC4FBF87BBB412D05EFC15.exe
+ 2009-11-01 07:19 . 2009-11-01 07:19 1488384 c:\windows\Installer\38fc36.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-28 198160]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2007-08-10 16384000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"PnkBstrA"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe"
"RGSC"=c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"amd_dc_opt"=c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"{914C5BF8-EEDD-4F3A-A8BE-34EE71CF1B29}"="c:\program files\Mediafour\XPlay 3\XPlay.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Documents and Settings\\Aleš\\Plocha\\Hry\\Race Driver Grid\\GRID.exe"=
"c:\\Documents and Settings\\Aleš\\Plocha\\Hry\\qwake\\quake3.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Codemasters\\FUEL\\FUEL.exe"=
"c:\\Program Files\\Electronic Arts\\BattleForge\\Bootstrapper.exe"=
"c:\\Program Files\\Electronic Arts\\BattleForge\\BattleForge.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5.3.2009 17:15 64288]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [30.4.2009 16:18 284416]
R1 CbFs;CbFs;c:\windows\system32\drivers\cbfs.sys [10.8.2009 13:10 136744]
R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler;c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe [17.4.2009 12:45 68865]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [9.9.2009 6:21 305936]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24.9.2009 12:17 1170768]
R2 M4iPodWPDService;M4iPodWPDService;c:\program files\Common Files\Mediafour\iPod\M4iPodWPDService.exe [6.7.2009 8:18 208896]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [3.5.2008 9:30 36864]
S2 gupdate1c9b8f938ee5722;Služba Google Update (gupdate1c9b8f938ee5722);c:\program files\Google\Update\GoogleUpdate.exe [9.4.2009 10:54 133104]
S3 MaplomL;MaplomL; [x]
S3 naecd;naecd;\??\c:\docume~1\ALE~1\LOCALS~1\Temp\naecd.sys --> c:\docume~1\ALE~1\LOCALS~1\Temp\naecd.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25.1.2007 18:31 42000]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009\RpcAgentSrv.exe [4.4.2009 11:17 98488]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - CLASSPNP_2
*Deregistered* - mbr

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2009-10-02 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe [2007-12-21 09:30]

2009-11-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 13:17]

2008-12-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-11-01 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-09-09 13:35]

2009-11-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-04-09 11:16]

2009-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-09 09:54]

2009-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-09 09:54]

2009-11-01 c:\windows\Tasks\User_Feed_Synchronization-{2498F1D9-1D26-4824-BAD2-0BEBA0B63F62}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: Download with Star Downloader
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Stáhnout Star Downloaderem
FF - ProfilePath - c:\documents and settings\Aleš\Data aplikací\Mozilla\Firefox\Profiles\3z9g3s1m.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - About:Blank
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\documents and settings\Aleš\Data aplikací\Mozilla\Firefox\Profiles\3z9g3s1m.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\documents and settings\Aleš\Data aplikací\Mozilla\Firefox\Profiles\3z9g3s1m.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\components\DealioToolbarFF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-01 09:13
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-1275210071-688789844-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:37,40,43,ab,c7,6b,e4,b3,6f,d5,3f,0f,6d,b9,a5,1d,bf,0b,8e,39,4a,6b,0a,
d1,ed,f6,16,0f,b0,ef,55,06,39,b0,9a,ea,cf,9f,a0,59,06,1d,2b,36,fe,9d,e5,c1,\
"??"=hex:f1,77,94,1a,22,b0,c5,38,fd,c3,dd,40,36,67,45,49

[HKEY_USERS\S-1-5-21-1275210071-688789844-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:6b,19,9b,69,bf,81,d6,89,d3,a9,37,23,91,22,ee,23,ba,00,8d,bf,46,
da,32,19,d7,2a,76,12,69,4c,78,c2,8e,46,5c,da,47,cc,db,a1,88,ea,1e,1b,93,2b,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(876)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2009-11-01 9:15
ComboFix-quarantined-files.txt 2009-11-01 08:15
ComboFix2.txt 2009-10-29 11:43
ComboFix3.txt 2009-06-27 12:36
ComboFix4.txt 2009-06-27 11:28

Před spuštěním: Volných bajtů: 10 433 974 272
Po spuštění: Volných bajtů: 11 335 045 120

- - End Of File - - 277826F297F1B0DE571FFA5BDE19458E


Re: Log check: URGENT!!!

Post by pitimir » 01 Nov 2009 11:19

Move the CF icon to the desktop, close all open applications, including the resident antivirus, antispyware and firewall, and open Notepad. Copy the following into it:

Code:

KillAll::
Restore::
c:\windows\system32\drivers\atapi.sys

File::
c:\windows\1C4551A64743409391E41477CD655043.TMP

Folder::
c:\program files\DAEMON Tools Toolbar
c:\program files\ask.com

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"=dword:00000001

Driver::
naecd

Rootkit::
c:\docume~1\ALE~1\LOCALS~1\Temp\naecd.sys

FireFox::
FF - ProfilePath - c:\documents and settings\Aleš\Data aplikací\Mozilla\Firefox\Profiles\3z9g3s1m.default\
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - About:Blank
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedi ... t=&gc=1&q=
FF - component: c:\documents and settings\Aleš\Data aplikací\Mozilla\Firefox\Profiles\3z9g3s1m.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}\components\DealioToolbarFF.dll

Extra::

Save it to the desktop as CFScript.txt and drag it with the mouse onto the CF icon.


The program will process the script and produce a new log.


Note: if Windows does not boot after applying the script, restart the PC, press F8 and choose Last Known Good Configuration.
I don't like amateurism...

And the addressee of this message knows it :)
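As an added example (not code from the forum post or from ComboFix), a small Python triage of the log's services/drivers lines and the firewall-policy key: it flags the two things the script above targets, the driver loaded from a Temp directory (naecd) and the disabled Windows Firewall, plus a service whose image file is missing. The sample lines are copied from the log earlier in this thread; the heuristics are assumptions.

```python
import re

# Added example (not ComboFix's or the forum's code). Sample lines are copied
# from the log above; the heuristics are assumptions mirroring the CFScript.
SAMPLE_SERVICES = [
    r"R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5.3.2009 17:15 64288]",
    r"S3 MaplomL;MaplomL; [x]",
    r"S3 naecd;naecd;\??\c:\docume~1\ALE~1\LOCALS~1\Temp\naecd.sys --> "
    r"c:\docume~1\ALE~1\LOCALS~1\Temp\naecd.sys [?]",
    r"S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys "
    r"[25.1.2007 18:31 42000]",
]
SAMPLE_FIREWALL = ("[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy"
                   "\\standardprofile]\n\"EnableFirewall\"= 0 (0x0)\n")

# Line shape: <start type> <name>;<display name>;<image path> [<metadata>]
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[(.*)\]\s*$")
# Kernel drivers belong in system32\drivers; an image under a Temp
# directory (as with naecd.sys in the log) is a classic persistence sign.
TEMP_DIR_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)
FIREWALL_RE = re.compile(r'^"EnableFirewall"=\s*(\d+)', re.MULTILINE)

def parse_service_line(line):
    """Split one ComboFix service/driver line into its fields, or None."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    start, name, display, path, meta = m.groups()
    # ComboFix prints "\??\<nt path> --> <resolved path>"; keep the latter.
    if "-->" in path:
        path = path.split("-->")[-1].strip()
    return {"start": start, "name": name, "display": display,
            "path": path, "meta": meta}

def triage_service(entry):
    """Reasons an entry deserves a closer look (empty list = nothing odd)."""
    reasons = []
    if entry["meta"] == "x":
        reasons.append("image file missing ([x])")
    elif entry["meta"] == "?":
        reasons.append("file metadata unreadable ([?])")
    if TEMP_DIR_RE.search(entry["path"]):
        reasons.append("driver image in a Temp directory")
    return reasons

def triage_services(lines):
    """Map service name -> reasons for every suspicious line in `lines`."""
    findings = {}
    for line in lines:
        entry = parse_service_line(line)
        reasons = triage_service(entry) if entry else []
        if reasons:
            findings[entry["name"]] = reasons
    return findings

def firewall_disabled(registry_text):
    """True when the standard-profile firewall policy value is 0."""
    m = FIREWALL_RE.search(registry_text)
    return m is not None and int(m.group(1)) == 0

if __name__ == "__main__":
    for name, why in triage_services(SAMPLE_SERVICES).items():
        print(name, "->", "; ".join(why))
    print("firewall disabled:", firewall_disabled(SAMPLE_FIREWALL))
```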


Re: Log check: URGENT!!!

Post by AleRx8 » 01 Nov 2009 15:56

Oh no, what should I do when it has been saying "preparing log report" for 40 minutes already?


Re: Log check: URGENT!!!

Post by AleRx8 » 01 Nov 2009 16:22

I closed it. Do you need the log from it? Isn't it already done? After an hour I ran out of patience, so I closed it; I couldn't find the log anywhere.

